List: qubes-devel
Subject: Re: [qubes-devel] Re: [Xen-devel] Critique of the Xen Security Process
From: Wojtek Porczyk <woju () invisiblethingslab ! com>
Date: 2015-11-09 18:15:52
Message-ID: 20151109181552.GA1383 () invisiblethingslab ! com
On Mon, Nov 09, 2015 at 04:31:58PM +0000, Franz wrote:
> Perhaps a way out of this impasse is to put bounties on Xen security tasks
> identified by Joanna and properly advertise these bounties to Xen users.
> [snip]
This is a fundamentally wrong idea. Security isn't something you can
"apply" or put a bounty on. It's a state of the mind, especially
the developer's. Joanna wrote in her mail:
> > > I can't help but have a feeling that some of the Xen developers seem to be
> > > overconfident in their belief they can fully understand all the possible
> > > execution paths in their code. Well, the XSAs quoted above are an indisputable
> > > proof that this is not quite always the case. Realizing that, each developer by
> > > themselves, might be a great step towards a more secure hypervisor...
And that's why we can't just "submit a patch" to "contribute security".
There is something wrong with Xen as a whole project, but that something
isn't the code. There is a mindset to be fixed.
--
regards, _.-._
Wojtek Porczyk .-^' '^-.
Invisible Things Lab |'-.-^-.-'|
| | | |
I do not fear computers, | '-.-' |
I fear lack of them. '-._ : ,-'
-- Isaac Asimov `^-^-_>